Introduction to DNS

• Function of DNS: translating human-readable names to IPv4 or IPv6 addresses.
• It is considered an essential service for the Internet
  • All World-Wide-Web and Mail services depend on DNS
  • Many Cloud services have a DNS Dependency
  • Many local network services may also depend on DNS (local DNS)
• History (Source: https://en.wikipedia.org/wiki/Domain_Name_System)
  • Manual look-up tables for hosts and IP addresses (ARPANET)
  • hosts.txt file on a central server (WHOIS directory)
  • The 1980s saw the exponential growth of the internet, which made maintaining a single centralized file costly and impractical
    • 1983 Domain Name System was created
    • IETF created RFC 882 and RFC 883 in Nov 1983
  • 1984: BIND written for Unix
  • 1987: IETF RFC 1034 and RFC 1035 DNS specifications

Terminology

Before you continue with this topic, please make sure that you understand the following terminology.

• DNS: Domain Name Service
• Root name server: denoted by an empty string as a label. Example: lamp.computerstudi.es. (notice the . at the end)
• TLD: Top Level Domain Examples: .com, .net, .org, .ca, .es, etc.
• NS: Name Server, delegation of the records of a domain or subdomains to other servers
• Zone: is created when DNS is delegated to an NS
• FQDN: Fully Qualified Domain Name, is for a specific host or device. Examples: device.department.country.company.tld., and mail1.student.georgianc.on.ca.
• Resolver: is a software that performs a “lookup” operation or a “DNS Query” to resolve a given name to an IP address (DNS client)
• BIND: Berkeley Internet Name Domain, one of many available DNS server software. See https://en.wikipedia.org/wiki/BIND
  • Other examples include dnsmasq, Microsoft DNS, Cisco Network Registrar (CNR), NSD, Unbound, etc. For more information, see: https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software

DNS Root Zone

For more detailed information, see DNS root zone article on Wikipedia.

The global DNS root servers were previously overseen by ICANN (Internet Corporation for Assigned Names and Numbers) and by the National Telecommunications and Information Administration (NTIA), an agency of the United States Department of Commerce.

As of Oct 1, 2016, ICANN has delegated the duties to IANA (Internet Assigned Numbers Authority), which has outsourced the distribution services to Verisign (a US-based corporation).

Due to limitations of the UDP protocol, there are only 13 global root servers from a to m.

• Official Names: a.root-servers.net to m.root-servers.net
• The a and j servers are operated by Verisign
• Used to be all located in the USA, but no longer the case: the root zone is serviced by several hundred servers at over 130 locations in many countries

For the sake of redundancy and load balancing, each root server is a cluster of many servers that respond to anycast requests. (See https://root-servers.org/)

When configuring a DNS server for the first time, the IP address of at least one root server is needed to retrieve the current list of all other name servers.

DNS Name Registry and Distribution

• Registry operators are "wholesalers" of internet names. They maintain domain name registry databases. However, they do not interact with internet name purchasers and end-users directly. They contract out the registry process to Domain Name Registrars.
• Domain Name Registrars are the "retailers" of internet names. You can purchase your desired and available DNS name from a Registrar who is accredited and is authorized to sell names under specific TLDs. See https://en.wikipedia.org/wiki/Domain_name_registrar
  • To register a domain:
    • Choose a name that is available
    • Provide information mandated by the TLD (such as the whois information)
    • Pay the fees
    • Provide your NS (name server) IP addresses
      • You can host your own NS (must have a static public IP address)
      • You can outsource your NS functions to a DNS service provider (separate cost from domain name registration)

DNS Resolver

Resolver is a client software in an end device that "resolves" DNS names to IP addresses. A resolver software is usually included with or is built into an OS or network device software/firmware. DNS names are largely for humans, and machines using TCP/IP do not understand them. Any network-connected device using TCP/IP protocol must transmit network packets by including a destination IP address in the IP headers. The resolver software uses the DNS protocol to contact upstream DNS servers to obtain IP addresses for any DNS name before your system is able to assemble and transmit network packets to that destination.

Ubuntu uses systemd.resolved (8) as its resolver. Here are some relevant files and configurations:

• /etc/hosts file is the static lookup table (see https://en.wikipedia.org/wiki/Hosts_(file) )
• /etc/resolve.conf is the resolver configuration file
• Use the resolvectl utility to view details about the current resolver status and upstream servers being used. Try the resolvectl status command on your system to view the current status of the resolver.
• /etc/nsswitch.conf (see man nsswitch.conf): "Name Service Switch configuration file, used by the GNU C Library and certain other applications to determine the sources from which to obtain name-service information in a range of categories, and in what order".

Example of a DNS query operation

This is an example of a "recursive DNS query" where the DNS server communicates with several other DNS servers to find the IP address of a specific host before returning the IP to the requesting DNS client.

Example Address: fqdn.subdomain.domain.tld. (notice the . at the end!)

1. Client request arrives at the server
2. A resolver breaks the name into its “labels” from right to left
   1. TLD is queried from a root name server (who knows about tld.) -> returns authoritative TLD (address of the NS to ask about domain.tld.)
   2. Domain is queried from TLD -> returns the NS for the domain (address of the NS to ask about subdomain.domain.tld.)
   3. Subdomain is queried from the Domain server -> returns NS server for subdomain (address of the NS to ask about fqdn.subdomain.domain.tld.)
   4. FQDN is queried from the second NS server -> returns the IP address for the host that we are trying to reach
3. DNS server returns the IP address to the host to the requesting client, and may also keep it cached for future use, in case another client asks

Edit 🖊️

Linux Client DNS Utilities

Ubuntu provides the dnsutils package containing several utilities useful for troubleshooting and NS lookup tasks. Some included utilities are:

• nslookup (1): query Internet name servers interactively
• dig (1) : DNS lookup utility
• host (1): DNS lookup utility
• getent (1): get entries from Name Service Switch libraries

Reverse Lookup (rDNS)

You can ask a DNS server to find an IP address from a DNS name, or you can ask for a "reverse lookup" where you provide the IP address in order to find a FQDN. For a reverse lookup to be successful, the NS server must be configured with the appropriate PTR record entries in the zone file. For more information, see https://en.wikipedia.org/wiki/Reverse_DNS_lookup.

BIND9

If you are interested in the history of BIND, then visit https://www.isc.org/bindhistory/.

BIND has been around since 1983 and is still in use extensively. If you are administering any websites or are in charge of managing domains, chances are your DNS service provider will require you to maintain and provide your domain name configuration in a format that aligns with the BIND zone file configuration.

BIND can act as a primary, secondary, forwarding, or caching DNS server.

• Primary Server: Provides authoritative data for a domain

• Secondary Server: Provides authoritative data for a domain, as long as it can stay up to date

• Forwarding server: forwards DNS requests to another server

  • Caches results (non-authoritative data for a domain)
  • Will not do a recursive search on its own
  • Usually used to control DNS traffic in a network (such as filtering of corporate network traffic)

• Caching servers: do a recursive search and save responses for quicker access

  • Useful for small networks

The main BIND configurations are located under /etc/bind. Here are some of the configuration files and their intended functions:

• named.conf # configuration files for the bind daemon
• named.conf.local # local server configuration
  • For Primary Server:
    • Set type to primary (or master for older versions) in named.conf.local
    • Specify the source zone file with the file directive
    • If the allow-transfer keyword is specified, it can supply zone data to secondary servers
  • For Secondary Server:
    • Set type to secondary (or slave in older versions) in named.conf.local
    • Use primary (or master) keyword to specify the primary server
• named.conf.options # daemon options
• named.conf.default-zones # provides zone data for RFC-defined zones
• db.root # provides DNS root server records
  • Usually static, and is updated through software updates
  • Need at least one current root server to be able to obtain others!
• localhost # provides DNS data for the localhost
• Key files are used for DNS validation and are updated via software updates
• Zone files are the domain name configurations for each name
  • Each zone file has a "serial number". The serial number is used by other DNS servers (secondary, forwarding and caching servers) to know if they have the current and latest information about a domain.
  • Do not forget to increment your serial number when making changes to a zone file so that the new information is propagated to other DNS servers and ultimately to clients.
  • System administrators usually make serial numbers that correspond to the date and time, so that a human can know when the last time a DNS record was updated, or which version they are using.

BIND9 Service Management and Related Utilities

In Ubuntu, the BIND service is managed using systemd:

• sudo service bind9 [ start | stop | restart | reload]
  There is an included utility for managing the BIND daemon application itself:
• rndc [ reload | stats | flush | status ]
• Using rndc can be less disruptive than restarting the entire daemon, especially on larger servers with many configurations.
• The named-checkzone utility is used to verify the syntax of the zone files.
  • Example: named-checkzone example.com /etc/bind/db.example.com
• named-checkconf <conffilename> is used to verify the syntax of configuration files

Note: The named-checkzone and named-checkconf utilities only check for syntax and cannot detect wrong or missing information!

BIND logs are sent to syslogs and are stored at /var/log/syslog. You can query or search syslogs for troubleshooting or monitoring BIND.

Example Zone File

Even if you never set up your own DNS server, where you may need to create your own zone files for your domain, you will need to understand exactly what goes into a zone file in order to be able to configure any domain hosted at any provider. You will also need to know the meaning of these directives when using tools such as nslookup for troubleshooting or investigating a DNS name. The following are the important directives in the zone file:

• IN: Internet Class Record
• SOA: start of authority
• NS: name server
• MX: mail exchanger
• A: IPv4 address (32bits)
• AAAA: IPv6 address (128bits)
• CNAME: canonical name = Alias

Here is an example of a zone file:

$ORIGIN example.com.     ; designates the start of this zone file in the namespace
$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
; Legend for the above numbers:
;	2020091025		; Serial number, increment with every change
;	7200			; Refresh
;	3600			; Retry
;	1209600			; Expire 
;	3600			; Negative Cache TTL
;
example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
@             IN  MX    20 mail2.example.com. ; equivalent to the above line, "@" represents the zone origin
@             IN  MX    50 mail3              ; equivalent to the above line, but using a relative host name
example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com

$ORIGIN example.com.     ; designates the start of this zone file in the namespace
$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
; Legend for the above numbers:
;	2020091025		; Serial number, increment with every change
;	7200			; Refresh
;	3600			; Retry
;	1209600			; Expire 
;	3600			; Negative Cache TTL
;
example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
@             IN  MX    20 mail2.example.com. ; equivalent to the above line, "@" represents the zone origin
@             IN  MX    50 mail3              ; equivalent to the above line, but using a relative host name
example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com

Interesting Files, Utilities, and Commands

• nslookup
• dig
• host
• getent
• service bind9 <start | stop | restart | reload>
• rndc <reload | stats | flush | status>
• name-checkzone <zone> <zonefile>
• named-checkconf <conffilename>
• /etc/hosts
• /etc/resolv.conf
• /etc/nsswitch.conf
• /etc/bind
  • named.conf.local
  • named.conf.options
  • named.conf.default-zones
  • db.root
  • localhost